author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-01-25 22:48:55 +0100 |
---|---|---|
committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-03-07 10:47:19 +0100 |
commit | 4d0f1451b58dbd4b94da579b800adef4f4e42c34 (patch) | |
tree | 841684bfbb83f8028c8d4ca0a9e2a125ab4dbe54 | |
parent | mkosi: Update to v21 (diff) | |
Build distribution packages in mkosi
Instead of running meson install and hoping for the best, let's build
distribution packages from the downstream packaging specs. This gets
us the following:
- Vastly simplified mkosi scripts since we don't need a separate initrd
image anymore but can just reuse the default mkosi initrd.
- Almost everything can move to the base image as it's not the basis
anymore for the initrd and as such we don't need to care about the
size anymore.
- The systemd packages that get pulled in as dependencies of other
packages get properly uninstalled and replaced with our packages that
we built instead of just installing on top of an existing systemd
installation with no guarantee that everything from that previous
installation was removed.
- Much better testing coverage as what we're testing is much closer
to what will actually be deployed in distributions.
- Immediate feedback if something we change breaks distribution packaging
- We get integration with the distribution for free as we'll automatically
use the proper directories and such instead of having to hack this
into a mkosi build script.
- ...
60 files changed, 755 insertions, 807 deletions
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index ad380ef82d..6663dfe0cc 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -59,17 +59,17 @@ jobs: - distro: debian release: testing - distro: ubuntu - release: jammy + release: noble - distro: fedora release: "39" - distro: fedora release: rawhide - - distro: opensuse - release: tumbleweed + # TODO: Re-enable once https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/AU4NWTBXNA7MVAUXWR74XYCHCSZN4Z4K/ + # is resolved or https://build.opensuse.org/request/show/1152118 is merged. + # - distro: opensuse + # release: tumbleweed - distro: centos release: "9" - - distro: centos - release: "8" env: SYSTEMD_LOG_LEVEL: debug @@ -94,10 +94,6 @@ jobs: # Build a disk image in CI as this logic is much more prone to breakage. Format=disk - [Content] - Environment=CI_BUILD=1 - SLOW_TESTS=true - [Host] ToolsTree=default ToolsTreeDistribution=fedora diff --git a/docs/HACKING.md b/docs/HACKING.md index 270c39b587..1fbbed91d1 100644 --- a/docs/HACKING.md +++ b/docs/HACKING.md 
@@ -32,16 +32,16 @@ run the relevant tool from the build directory. For some components (most importantly, systemd/PID 1 itself) this is not possible, however. In order to simplify testing for cases like this we provide -a set of `mkosi` build files directly in the source tree. +a set of `mkosi` config files directly in the source tree. [mkosi](https://github.com/systemd/mkosi) is a tool for building clean OS images from an upstream distribution in combination with a fresh build of the project -in the local working directory. To make use of this, please install `mkosi` v19 -or newer using your distribution's package manager or from the -[GitHub repository](https://github.com/systemd/mkosi). `mkosi` will build an -image for the host distro by default. First, run `mkosi genkey` to generate a key -and certificate to be used for secure boot and verity signing. After that is done, -it is sufficient to type `mkosi` in the systemd project directory to generate a disk -image you can boot either in `systemd-nspawn` or in a UEFI-capable VM: +in the local working directory. To make use of this, please install the latest +version of mkosi from the [GitHub repository](https://github.com/systemd/mkosi). +`mkosi` will build an image for the host distro by default. First, run +`mkosi genkey` to generate a key and certificate to be used for secure boot and +verity signing. After that is done, it is sufficient to type `mkosi` in the +systemd project directory to generate a disk image you can boot either in +`systemd-nspawn` or in a UEFI-capable VM: ```sh $ sudo mkosi boot # nspawn still needs sudo for now diff --git a/mkosi.conf b/mkosi.conf index 2605e062ad..d611635ce7 100644 --- a/mkosi.conf +++ b/mkosi.conf @@ -2,7 +2,7 @@ [Config] Images=system -MinimumVersion=20.2 +MinimumVersion=21 [Output] @OutputDirectory=mkosi.output 
@@ -14,10 +14,12 @@ MinimumVersion=20.2 Environment=ASAN_OPTIONS=verify_asan_link_order=false MKOSI_ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1 MKOSI_UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 +@SELinuxRelabel=no [Host] @Incremental=yes -@QemuMem=2G +# TODO: Drop to 2G again once the next Noble kernel update ships and we can use linux-image-virtual. +@QemuMem=4G @RuntimeSize=8G ToolsTreePackages=virtiofsd KernelCommandLineExtra=systemd.crash_shell diff --git a/mkosi.conf.d/05-qemu-mem.conf b/mkosi.conf.d/05-qemu-mem.conf deleted file mode 100644 index 3a6f24a7b0..0000000000 --- a/mkosi.conf.d/05-qemu-mem.conf +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# Arch and CentOS 8 Stream initrds are rather big so we need to give QEMU more memory so the kernel can load -# them without OOMing. - -[Match] -Distribution=|arch -Distribution=|centos - -[Host] -@QemuMem=3G diff --git a/mkosi.conf.d/10-opensuse.conf b/mkosi.conf.d/10-opensuse.conf index 832c0d15fb..f976fc8043 100644 --- a/mkosi.conf.d/10-opensuse.conf +++ b/mkosi.conf.d/10-opensuse.conf @@ -5,3 +5,4 @@ Distribution=opensuse [Distribution] @Release=tumbleweed +PackageManagerTrees=mkosi.conf.d/macros.db_backend:/etc/rpm/macros.db_backend diff --git a/mkosi.conf.d/10-ubuntu.conf b/mkosi.conf.d/10-ubuntu.conf index b0ebbadd48..da2d318295 100644 --- a/mkosi.conf.d/10-ubuntu.conf +++ b/mkosi.conf.d/10-ubuntu.conf @@ -4,5 +4,5 @@ Distribution=ubuntu [Distribution] -@Release=jammy +@Release=noble Repositories=universe diff --git a/mkosi.conf.d/macros.db_backend b/mkosi.conf.d/macros.db_backend new file mode 100644 index 0000000000..4a58f06458 --- /dev/null +++ b/mkosi.conf.d/macros.db_backend @@ -0,0 +1 @@ +%_db_backend ndb 
diff --git a/mkosi.images/base/mkosi.build.chroot b/mkosi.images/base/mkosi.build.chroot
deleted file mode 100755
index b59f339b11..0000000000
--- a/mkosi.images/base/mkosi.build.chroot
+++ /dev/null
@@ -1,171 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -# This is a build script for OS image generation using mkosi (https://github.com/systemd/mkosi). -# Simply invoke "mkosi" in the project directory to build an OS image. - -# We don't want to install our build of systemd in the base image, but use it as an extra tree for the -# initrd and system images, so override DESTDIR to store it in the output directory so we can reference it as -# an extra tree in the initrd and system image builds. -export DESTDIR="$OUTPUTDIR/systemd" - -# If mkosi.builddir/ exists mkosi will set $BUILDDIR to it, let's then use it -# as out-of-tree build dir. Otherwise, let's make up our own builddir. -[ -z "$BUILDDIR" ] && BUILDDIR="$PWD"/build - -# Let's make sure we're using stuff from the build directory first if available there. -PATH="$BUILDDIR:$PATH" -export PATH - -# The bpftool script shipped by Ubuntu tries to find the actual program to run via querying `uname -r` and -# using the current kernel version. This obviously doesn't work in containers. As a workaround, we override -# the ubuntu script with a symlink to the first bpftool program we can find. -for bpftool in /usr/lib/linux-tools/*/bpftool; do - [ -x "$bpftool" ] || continue - ln -sf "$bpftool" "$BUILDDIR"/bpftool - break -done - -# CentOS Stream 8 includes bpftool 4.18.0 which is lower than what we need. However, they've backported the -# specific feature we need ("gen skeleton") to this version, so we replace bpftool with a script that reports -# version 5.6.0 to satisfy meson which makes bpf work on CentOS Stream 8 as well. -. /usr/lib/os-release -if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then - cat >"$BUILDDIR"/bpftool <<EOF -#!/bin/sh -if [ "\$1" = --version ]; then - echo 5.6.0 -else - exec /usr/sbin/bpftool \$@ -fi -EOF - chmod +x "$BUILDDIR"/bpftool -fi - -if [ ! 
-f "$BUILDDIR"/build.ninja ]; then - CONFIGURE_OPTS=( - -D sysvinit-path="$([[ -d /etc/rc.d/init.d ]] && echo /etc/rc.d/init.d || echo /etc/init.d)" - -D man=disabled - -D translations=false - -D version-tag="${VERSION_TAG}" - -D mode=developer - -D b_sanitize="${SANITIZERS:-none}" - -D install-tests=true - -D tests=unsafe - -D slow-tests="${SLOW_TESTS:-false}" - -D create-log-dirs=false - -D pamconfdir=/usr/lib/pam.d/ - -D utmp=true - -D hibernate=true - -D ldconfig=true - -D resolve=true - -D efi=true - -D tpm=true - -D environment-d=true - -D binfmt=true - -D coredump=true - -D pstore=true - -D oomd=true - -D logind=true - -D hostnamed=true - -D localed=true - -D machined=true - -D portabled=true - -D sysext=true - -D userdb=true - -D networkd=true - -D timedated=true - -D timesyncd=true - -D nss-myhostname=true - -D nss-systemd=true - -D firstboot=true - -D randomseed=true - -D backlight=true - -D vconsole=true - -D quotacheck=true - -D sysusers=true - -D tmpfiles=true - -D hwdb=true - -D rfkill=true - -D xdg-autostart=true - -D translations=true - -D idn=true - -D cryptolib=openssl - -D kernel-install=true - -D analyze=true - -D ukify="$([[ "$ID" = "centos" ]] && [[ "$VERSION" = "8" ]] && echo disabled || echo enabled)" - -D selinux="$([[ "$ID" =~ centos|fedora|opensuse ]] && echo enabled || echo disabled)" - -D apparmor="$([[ "$ID" =~ ubuntu|debian ]] && echo enabled || echo disabled)" - -D smack=true - -D ima=true - -D first-boot-full-preset=true - -D initrd=true - -D fexecve=true - -D default-keymap="$([[ "$ID" =~ debian|ubuntu ]] && echo "" || echo "us")" - -D xenctrl="$([[ "$ID" =~ debian|ubuntu|fedora|opensuse ]] && echo enabled || echo disabled)" - -D libiptc="$([[ "$ID" =~ debian|ubuntu ]] && echo enabled || echo disabled)" - -D libcryptsetup-plugins="$([[ "$ID" = "centos" ]] && [[ "$VERSION" = "8" ]] && echo disabled || echo enabled)" - ) - - # On debian-like systems the library directory is not /usr/lib64 but /usr/lib/<arch-triplet>/. 
- # It is important to use the right one especially for cryptsetup plugins, otherwise they will be - # installed in the wrong directory and not be found by cryptsetup. Assume native build. - if grep -q -e "ID=debian" -e "ID_LIKE=debian" /usr/lib/os-release && command -v dpkg 2>/dev/null; then - CONFIGURE_OPTS+=( - -D libdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)" - -D pamlibdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/security" - ) - fi - - # Set various uids and gids for which Fedora has "soft static" allocations. - # Without this, we would get warning about mismatched sysusers.d entries - # between the files that we and Fedora's setup package install. - if grep -q '^ID=fedora' /usr/lib/os-release; then - CONFIGURE_OPTS+=( - -D adm-gid=4 - -D audio-gid=63 - -D cdrom-gid=11 - -D dialout-gid=18 - -D disk-gid=6 - -D input-gid=104 - -D kmem-gid=9 - -D kvm-gid=36 - -D lp-gid=7 - -D render-gid=105 - -D sgx-gid=106 - -D tape-gid=33 - -D tty-gid=5 - -D users-gid=100 - -D utmp-gid=22 - -D video-gid=39 - -D wheel-gid=10 - -D systemd-journal-gid=190 - -D systemd-network-uid=192 - -D systemd-resolve-uid=193 - ) - fi - - if grep -q '^ID="opensuse' /usr/lib/os-release; then - CONFIGURE_OPTS+=( - -Dbpf-compiler=gcc - ) - fi - - ( set -x; meson setup "$BUILDDIR" "$SRCDIR" --auto-features=enabled "${CONFIGURE_OPTS[@]}" ) -fi - -( set -x; ninja -C "$BUILDDIR" "$@" ) -if [ "$WITH_TESTS" = 1 ]; then - if [ -n "$SANITIZERS" ]; then - export ASAN_OPTIONS="$MKOSI_ASAN_OPTIONS" - export UBSAN_OPTIONS="$MKOSI_UBSAN_OPTIONS" - TIMEOUT_MULTIPLIER=3 - else - TIMEOUT_MULTIPLIER=1 - fi - - ( set -x; meson test -C "$BUILDDIR" --print-errorlogs --timeout-multiplier=$TIMEOUT_MULTIPLIER ) -fi - -( set -x; meson install -C "$BUILDDIR" --quiet --no-rebuild --only-changed ) diff --git a/mkosi.images/base/mkosi.conf b/mkosi.images/base/mkosi.conf index be8586ce3b..fcefc3ead2 100644 --- a/mkosi.images/base/mkosi.conf +++ b/mkosi.images/base/mkosi.conf 
@@ -4,33 +4,51 @@ Format=directory [Content] -Bootable=no +Autologin=yes +# Make sure we build the default initrd as part of the base image as it will have access to the systemd and +# udev rpms which are built by the build scripts that are part of the base image. +Bootable=yes +# we want to build the UKI as part of the system image so make sure none are built here. +Bootloader=none CleanPackageMetadata=no Packages= -Packages= - kmod - less - util-linux - -BuildPackages= acl - binutils - clang + bash-completion + coreutils diffutils - gawk + dnsmasq + dosfstools + e2fsprogs + findutils + gcc # Sanitizer libraries gdb - gettext git - gperf grep - lld - llvm - make - meson - pkgconf + gzip + jq + kbd + kexec-tools + kmod + less + mtools + nano + nftables + openssl + python3 + qrencode rsync sed + socat strace + systemd tar + tmux + tree + udev + util-linux + valgrind + wireguard-tools + xfsprogs + zsh zstd diff --git a/mkosi.images/base/mkosi.conf.d/10-arch.conf b/mkosi.images/base/mkosi.conf.d/10-arch.conf deleted file mode 100644 index 385c73979f..0000000000 --- a/mkosi.images/base/mkosi.conf.d/10-arch.conf +++ /dev/null @@ -1,33 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=arch - -[Content] -Packages= - cryptsetup - dbus - gnutls - libarchive - libbpf - libfido2 - libmicrohttpd - libnftnl - libpwquality - libseccomp - libxkbcommon - openssl - qrencode - tpm2-tss - -BuildPackages= - bpf - docbook-xsl - glib2 - libxslt - linux-api-headers - python - python-jinja - python-lxml - python-pefile - python-pyelftools diff --git a/mkosi.images/base/mkosi.conf.d/10-arch/initrd/mkosi.postinst b/mkosi.images/base/mkosi.conf.d/10-arch/initrd/mkosi.postinst new file mode 100755 index 0000000000..ad4fe6e9a1 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-arch/initrd/mkosi.postinst @@ -0,0 +1,5 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +mkosi-install systemd systemd-sysvcompat 
diff --git a/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.build.chroot b/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.build.chroot
new file mode 100755
index 0000000000..7fe05aa3a4
--- /dev/null
+++ b/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.build.chroot
@@ -0,0 +1,53 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -ex + +if [ ! -f "pkg/$DISTRIBUTION/PKGBUILD" ]; then + echo "PKGBUILD not found at pkg/$DISTRIBUTION/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 + exit 1 +fi + +# We can't configure the source or build directory so we use bind mounts instead to make sure they are in the +# expected locations. +mount --mkdir --bind "$SRCDIR" "pkg/$DISTRIBUTION/systemd-stable/" +mount --mkdir --bind "$BUILDDIR" "pkg/$DISTRIBUTION/build/" +# Because we run with --noextract we are responsible for making sure the source files appear in src/. +mount --mkdir --rbind "$PWD/pkg/$DISTRIBUTION" "pkg/$DISTRIBUTION/src/" + +# shellcheck source=/dev/null +. /etc/makepkg.conf + +# Override the default options. Use -Og because -O0 doesn't work with FORTIFY_SOURCE. We specifically disable +# "strip", "zipman" and "lto" as they slow down builds significantly. OPTIONS= cannot be overridden on the +# makepkg command line so we append to /etc/makepkg.conf instead. The rootfs is overlayed with a writable +# tmpfs during the build script so these changes don't end up in the image itself. +tee --append /etc/makepkg.conf >/dev/null <<EOF +CFLAGS="$CFLAGS -Og" +OPTIONS=(!strip docs !libtool !staticlibs emptydirs !zipman purge debug !lto) +EOF + +# Linting the PKGBUILD takes multiple seconds every build so avoid that by nuking all the linting functions. +rm /usr/share/makepkg/lint_pkgbuild/* + +if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +# We get around makepkg's root check by setting EUID to something else. 
+# shellcheck disable=SC2046 +env --chdir="pkg/$DISTRIBUTION" \ + EUID=123 \ + makepkg \ + --noextract \ + $( ((WITH_TESTS)) || echo --nocheck) \ + --force \ + UPSTREAM=1 \ + QUIET=1 \ + BUILDDIR="$PWD/pkg/$DISTRIBUTION" \ + PKGDEST="$PACKAGEDIR" \ + PKGEXT=".pkg.tar" \ + PKGVER="$(cat meson.version)" \ + PKGREL="$(date "+%Y%m%d%H%M%S" --date "@$TS")" \ + MESON_EXTRA_CONFIGURE_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" diff --git a/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.conf b/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.conf new file mode 100644 index 0000000000..58a57d0283 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.conf @@ -0,0 +1,48 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=arch + +[Config] +InitrdInclude=initrd/ + +# TODO: Switch to https://gitlab.archlinux.org/archlinux/packaging/packages/systemd once +# https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/merge_requests/8 is merged. +[Content] +Environment= + PKG_URL="https://gitlab.archlinux.org/daandemeyer/systemd" + PKG_BRANCH="strip" + SYSTEMD_PACKAGES="systemd systemd-ukify systemd-sysvcompat systemd-resolvconf" + +Packages= + bpf + btrfs-progs + compsize + cryptsetup + dbus + dhcp + f2fs-tools + gnutls + iproute + linux + man-db + openbsd-netcat + openssh + openssl + pacman + polkit + qrencode + quota-tools + sbsigntools + shadow + tpm2-tss + vim + +InitrdPackages= + btrfs-progs + tpm2-tools + +BuildPackages= + fakeroot + pkgconf + debugedit diff --git a/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.prepare b/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.prepare new file mode 100755 index 0000000000..d6e2d4eb3d --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.prepare 
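Review bot: The comment on the `EUID=123` override in the Arch mkosi.build.chroot says how makepkg's root check is bypassed but not why that is safe. Together with `rm /usr/share/makepkg/lint_pkgbuild/*`, it means the cloned PKGBUILD's functions run as root without makepkg's own linting. I would extend the comment to name the containment the script relies on, e.g. `# makepkg refuses to run as root; acceptable here because the build script runs on a throwaway tmpfs overlay of the rootfs (see above).` Whether that sandbox also protects the host is not visible from this hunk, so the comment should claim only what mkosi guarantees.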
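Review bot: `PKG_URL` and `PKG_BRANCH` in the new 10-arch/mkosi.conf name a moving branch (`strip`) on a personal fork, and the Arch mkosi.prepare added by this commit sources the PKGBUILD found under `pkg/$DISTRIBUTION`, so whatever that branch holds at clone time runs as shell during the build. The clone step is not visible here; if it can take a commit id, pinning one (for example a `PKG_COMMIT=<commit-sha>` setting, a hypothetical name) would make the executed packaging spec reviewable and reproducible. The same applies to `c9s-sig-hyperscale`, `debian/master` and `rawhide` in the CentOS, Debian/Ubuntu and Fedora configs, although those point at distribution-owned repositories. The existing TODO already tracks moving off the fork.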
@@ -0,0 +1,24 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [ ! -f "pkg/$DISTRIBUTION/PKGBUILD" ]; then + echo "PKGBUILD not found at pkg/$DISTRIBUTION/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 + exit 1 +fi + +if [ "$1" = "final" ]; then + # We get depends and optdepends from .SRCINFO as getting them from the PKGBUILD is rather complex. + sed --expression 's/^[ \t]*//' "pkg/$DISTRIBUTION/.SRCINFO" | + grep --regexp '^depends =' --regexp '^optdepends =' | + sed --expression 's/^depends = //' --expression 's/^optdepends = //' --expression 's/:.*//' | + xargs --delimiter '\n' mkosi-install +else + # We get makedepends from the PKGBUILD as .SRCINFO can't encode conditional dependencies depending on + # whether some environment variable is set or not. + # shellcheck source=/dev/null + UPSTREAM=1 . "pkg/$DISTRIBUTION/PKGBUILD" + + # shellcheck disable=SC2154 + mkosi-install "${makedepends[@]}" +fi diff --git a/mkosi.images/base/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/base/mkosi.conf.d/10-centos-fedora.conf deleted file mode 100644 index d7a135a5c0..0000000000 --- a/mkosi.images/base/mkosi.conf.d/10-centos-fedora.conf +++ /dev/null 
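Review bot: The existence guard at the top of the Arch mkosi.prepare checks only `PKGBUILD`, but the `final` branch reads `pkg/$DISTRIBUTION/.SRCINFO`. With `set -e` and no `pipefail`, a missing `.SRCINFO` makes the first `sed` fail while the pipeline's status is still that of `xargs`, so the run can continue with an empty dependency list instead of stopping. Adding `set -o pipefail` after `set -e` and a matching `[ -f "pkg/$DISTRIBUTION/.SRCINFO" ]` check next to the PKGBUILD one would surface the failure. It would also help to add a comment on the `. "pkg/$DISTRIBUTION/PKGBUILD"` line noting that this executes the cloned file as shell in the prepare script's context.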
@@ -1,78 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|centos -Distribution=|fedora - -[Content] -Packages= - audit-libs - cryptsetup-libs - gnutls - libarchive - libasan - libbpf - libfido2 - libgcrypt - libmicrohttpd - libnftnl - libubsan - libxcrypt - libxkbcommon - openssl-libs - qrencode-libs - tpm2-tss - util-linux - -BuildPackages= - pkgconf - bpftool - docbook-xsl - findutils - libgcrypt-devel # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file. - libxslt - pam-devel - pkgconfig(audit) - pkgconfig(blkid) - pkgconfig(bzip2) - pkgconfig(dbus-1) - pkgconfig(fdisk) - pkgconfig(glib-2.0) - pkgconfig(gnutls) - pkgconfig(libacl) - pkgconfig(libarchive) - pkgconfig(libbpf) - pkgconfig(libcap) - pkgconfig(libcryptsetup) - pkgconfig(libcurl) - pkgconfig(libdw) - pkgconfig(libfido2) - pkgconfig(libidn2) - pkgconfig(libkmod) - pkgconfig(liblz4) - pkgconfig(libmicrohttpd) - pkgconfig(libnftnl) - pkgconfig(libpcre2-8) - pkgconfig(libqrencode) - pkgconfig(libseccomp) - pkgconfig(libselinux) - pkgconfig(libzstd) - pkgconfig(mount) - pkgconfig(numa) - pkgconfig(openssl) - pkgconfig(openssl) - pkgconfig(p11-kit-1) - pkgconfig(pwquality) - pkgconfig(tss2-esys) - pkgconfig(tss2-mu) - pkgconfig(tss2-rc) - pkgconfig(tss2-tcti-device) - pkgconfig(valgrind) - pkgconfig(xkbcommon) - python3 - python3dist(jinja2) - python3dist(lxml) - python3dist(pefile) - python3dist(pyelftools) - python3dist(pytest) - rpm diff --git a/mkosi.images/base/mkosi.conf.d/10-centos-fedora/initrd/mkosi.postinst b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/initrd/mkosi.postinst new file mode 100755 index 0000000000..0b7a4cb6b7 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/initrd/mkosi.postinst @@ -0,0 +1,5 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +mkosi-install systemd systemd-udev 
diff --git a/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot
new file mode 100755
index 0000000000..cf3be64538
--- /dev/null
+++ b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot
@@ -0,0 +1,47 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -ex + +if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then + echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +# TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once +# https://github.com/mesonbuild/meson/pull/12835 is available. +# shellcheck disable=SC2046 +rpmbuild \ + -bb \ + --build-in-place \ + --with upstream \ + $( ((WITH_TESTS)) || echo --nocheck) \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$DISTRIBUTION" \ + --define "_rpmdir $PACKAGEDIR" \ + ${BUILDDIR:+--define} \ + ${BUILDDIR:+"_vpath_builddir $BUILDDIR"} \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + --define "_binary_payload w.ufdio" \ + --define "debug_package %{nil}" \ + --define "version_override $(cat meson.version)" \ + --define "release_override $(date "+%Y%m%d%H%M%S" --date "@$TS")" \ + --define "_distro_extra_cflags -Og" \ + --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} %{nil}}" \ + --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \ + --define "meson_extra_configure_options -D mode=developer -D b_sanitize=${SANITIZERS:-none}" \ + --define "__brp_strip %{nil}" \ + --define "__brp_compress %{nil}" \ + --define "__brp_mangle_shebangs %{nil}" \ + --define "__brp_strip_comment_note %{nil}" \ + --define "__brp_strip_static_archive %{nil}" \ + --define "__brp_check_rpaths %{nil}" \ + --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ + --define "__script_requires %{nil}" \ + --undefine _lto_cflags \ + "pkg/$DISTRIBUTION/systemd.spec" 
diff --git a/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.conf new file mode 100644 index 0000000000..4c80b0a36f --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.conf @@ -0,0 +1,54 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|centos +Distribution=|fedora + +[Config] +InitrdInclude=initrd/ + +[Content] +Environment= + SYSTEMD_PACKAGES="systemd + systemd-udev + systemd-container + systemd-repart + systemd-resolved + systemd-networkd + systemd-boot + systemd-tests + systemd-ukify + systemd-pam + systemd-oomd-defaults + systemd-journal-remote + systemd-networkd-defaults" +Packages= + bpftool + cryptsetup + dhcp-server + dnf + gnutls + integritysetup + iproute + iproute-tc + kernel-core + libasan + libcap-ng-utils + libubsan + netcat + openssh-clients + openssh-server + p11-kit + pam + passwd + polkit + procps-ng + quota + rpm + rpm-build + rpmautospec + util-linux + vim-common + +InitrdPackages= + tpm2-tools diff --git a/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.prepare new file mode 100755 index 0000000000..c07251a7e1 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.prepare 
@@ -0,0 +1,66 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -ex + +if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then + echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +if [ "$1" = "final" ]; then + DEPS="--requires" +else + DEPS="--buildrequires" +fi + +mkosi-chroot \ + rpmspec \ + --with upstream \ + --query \ + "$DEPS" \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$DISTRIBUTION" \ + "pkg/$DISTRIBUTION/systemd.spec" | + grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev | + sort --unique | + tee /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install + +if [ "$1" = "final" ]; then + exit 0 +fi + +# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the +# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy. +# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore. +sed '/Source0/d' --in-place "pkg/$DISTRIBUTION/systemd.spec" + +until mkosi-chroot \ + rpmbuild \ + -br \ + --build-in-place \ + --with upstream \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$DISTRIBUTION" \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + "pkg/$DISTRIBUTION/systemd.spec" +do + EXIT_STATUS=$? + if [ $EXIT_STATUS -ne 11 ]; then + exit $EXIT_STATUS + fi + + mkosi-chroot \ + rpm \ + --query \ + --package \ + --requires \ + /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm | + grep --invert-match '^rpmlib(' | + sort --unique >/tmp/dynamic-buildrequires + + sort /tmp/buildrequires /tmp/dynamic-buildrequires | + uniq --unique | + tee --append /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install +done 
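Review bot: The first pipeline in the CentOS/Fedora mkosi.prepare runs under `set -ex` without `pipefail`, so a failing `mkosi-chroot rpmspec` query is masked. `grep`, `sort`, `tee` and `xargs` still run on empty input, and the script carries on with no build requirements resolved from the spec. `set -o pipefail` directly after `set -ex` would stop the script at that point. Separately, `/tmp/buildrequires` and `/tmp/dynamic-buildrequires` are fixed names; creating them under a `mktemp -d` directory would keep the result from depending on whatever already exists in /tmp.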
diff --git a/mkosi.images/base/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.images/base/mkosi.conf.d/10-centos/mkosi.conf new file mode 100644 index 0000000000..dd08467aaf --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-centos/mkosi.conf @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=centos + +[Content] +Environment= + PKG_URL="https://git.centos.org/rpms/systemd" + PKG_BRANCH="c9s-sig-hyperscale" + +Packages= + kernel-modules # For squashfs support + rpmautospec-rpm-macros diff --git a/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu.conf b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu.conf deleted file mode 100644 index 1d28be30f8..0000000000 --- a/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu.conf +++ /dev/null @@ -1,77 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|debian -Distribution=|ubuntu - -[Content] -Packages= - ^libtss2-esys-[0-9\.]+-0$ - dmsetup - libapparmor1 - libarchive13 - libfdisk1 - libfido2-1 - libglib2.0-0 - libgnutls30 - libidn2-0 - liblz4-1 - libmicrohttpd12 - libnftnl11 - libp11-kit0 - libpam0g - libpwquality1 - libqrencode4 - libssl3 - libip4tc2 - ^libtss2-mu[0-9\.-]+$ - libtss2-rc0 - libtss2-tcti-device0 - tzdata - -BuildPackages= - docbook-xsl - dpkg-dev - g++ - libacl1-dev - libapparmor-dev - libarchive-dev - libaudit-dev - libblkid-dev - libbpf-dev - libbz2-dev - libcap-dev - libcryptsetup-dev - libcurl4-openssl-dev - libdbus-1-dev - libdw-dev - libfdisk-dev - libfido2-dev - libgcrypt20-dev - libglib2.0-dev - libgnutls28-dev - libidn2-dev - libiptc-dev - libkmod-dev - liblz4-dev - libmicrohttpd-dev - libmount-dev - libnftnl-dev - libp11-kit-dev - libpam0g-dev - libpwquality-dev - libqrencode-dev - libseccomp-dev - libsmartcols-dev - libssl-dev - libtss2-dev - libxen-dev - libxkbcommon-dev - libzstd-dev - python3 - python3-jinja2 - python3-lxml - python3-pefile - python3-pyelftools - python3-pytest - xsltproc 
diff --git a/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/initrd/mkosi.postinst b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/initrd/mkosi.postinst new file mode 100755 index 0000000000..640cdb1e32 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/initrd/mkosi.postinst @@ -0,0 +1,5 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +mkosi-install systemd udev diff --git a/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot new file mode 100755 index 0000000000..d1ec8c1894 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot 
@@ -0,0 +1,89 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [ ! -d "pkg/$DISTRIBUTION/debian" ]; then + echo "deb rules not found at pkg/$DISTRIBUTION/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 + exit 1 +fi + +# We transplant the debian/ folder from the deb package sources into the upstream sources. +mount --mkdir --bind "$SRCDIR/pkg/$DISTRIBUTION/debian" "$SRCDIR"/debian + +# We hide the patches/ directory by mounting an empty directory on top so they don't get applied. +TMP=$(mktemp -d) +mount --bind "$TMP" "$SRCDIR"/debian/patches + +# While the build directory can be specified through DH_OPTIONS, the default one is hardcoded everywhere so +# we have to use that. Because it is architecture dependent, we query it using dpkg-architecture first. +DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)" +mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE" + +if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +# Add a new changelog entry to update the version. We use a fixed date since a dynamic one causes a full +# rebuild every time. 
+cat >debian/changelog.new <<EOF +systemd ($(cat meson.version).$(date "+%Y%m%d%H%M%S" --date "@$TS")) UNRELEASED; urgency=low + + * Automatic build from mkosi + + -- systemd test <systemd-devel@lists.freedesktop.org> $(date --rfc-email --date "@$TS") + +EOF +cat debian/changelog >>debian/changelog.new +mv debian/changelog.new debian/changelog + +build() { + DEB_BUILD_OPTIONS="$( ((WITH_TESTS)) || echo nocheck) $( ((WITH_DOCS)) || echo nodoc) nostrip terse optimize=-lto" \ + DEB_BUILD_PROFILES="$( ((WITH_TESTS)) || echo nocheck) $( ((WITH_DOCS)) || echo nodoc) pkg.systemd.upstream" \ + DEB_CFLAGS_APPEND="-Og" \ + DPKG_FORCE="unsafe-io" \ + DPKG_DEB_COMPRESSOR_TYPE="none" \ + DH_MISSING="--fail-missing" \ + CONFFLAGS_UPSTREAM="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" \ + dpkg-buildpackage \ + --no-pre-clean \ + --unsigned-changes \ + --build=binary +} + +if ! build; then + # debhelper installs files for each package to debian/<package> so we figure out which files were + # packaged by querying all the package names from debian/control and running find on each of the + # corresponding package directory in debian/. + grep "Package:" debian/control | + sed "s/Package: //" | + xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find . ! -type d ! -path "*dh-exec*" -printf '%P\n')" | + # Remove compression suffix from compressed manpages as the manpages in debian/tmp will be uncompressed. + sed --regexp-extended 's/([0-9])\.gz$/\1/' | + sort --unique >/tmp/packaged-files + + # We figure out the installed files by running find on debian/tmp/ which contains the files installed + # by meson install. + (cd debian/tmp/ && find . ! -type d ! 
-path "*dh-exec*" -printf '%P\n') >/tmp/installed-files + + if [ -f debian/not-installed ]; then + grep --invert-match "^#" debian/not-installed >>/tmp/installed-files + fi + + sort --unique --output /tmp/installed-files /tmp/installed-files + + # We get all the installed files that were not packaged by finding entries in the installed file that are + # not in the packaged file. + comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files + # If there are no unpackaged files something else went wrong. + if [ ! -s /tmp/unpackaged-files ]; then + exit 1 + fi + + # Otherwise, we append the unpackaged files to the filelist for the systemd package and retry the build. + cat /tmp/unpackaged-files >>debian/systemd.install + build +fi + +mv ../*.deb "$PACKAGEDIR" diff --git a/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.conf new file mode 100644 index 0000000000..c2a9c399e1 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.conf 
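Review bot: In the retry path of the Debian/Ubuntu mkosi.build.chroot, `xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find ...)"` pastes each name read from `debian/control` into the text of a shell command. A value containing shell metacharacters would be interpreted rather than treated as a directory name, and the control file comes from the cloned packaging repository. Passing the name as a positional parameter keeps it data: `xargs -d '\n' -I {} sh -c '[ -d "debian/$1" ] && (cd "debian/$1" && find . ! -type d ! -path "*dh-exec*" -printf "%P\n")' sh {}`. That form also fixes the nested double quotes around `*dh-exec*`, which currently end the outer string and leave the glob unquoted. Anchoring the match as `grep "^Package:"` would avoid picking up other lines that merely contain that text.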
@@ -0,0 +1,61 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|debian
+Distribution=|ubuntu
+
+[Config]
+InitrdInclude=initrd/
+
+[Content]
+Environment=
+ PKG_URL="https://salsa.debian.org/systemd-team/systemd"
+ PKG_BRANCH="debian/master"
+ SYSTEMD_PACKAGES="systemd
+ systemd-userdbd
+ systemd-oomd
+ systemd-sysv
+ systemd-tests
+ systemd-timesyncd
+ systemd-resolved
+ systemd-homed
+ systemd-coredump
+ systemd-journal-remote
+ systemd-container
+ systemd-boot
+ systemd-ukify
+ udev"
+
+Packages=
+ ^libtss2-esys-[0-9.]+-0$
+ ^libtss2-mu-[0-9.]+-0$
+ apt
+ btrfs-progs
+ cryptsetup-bin
+ dbus-broker
+ default-dbus-session-bus
+ dmsetup
+ f2fs-tools
+ fdisk
+ iproute2
+ isc-dhcp-server
+ libcap-ng-utils
+ libtss2-rc0
+ libtss2-tcti-device0
+ netcat-openbsd
+ openssh-client
+ openssh-server
+ passwd
+ policykit-1
+ procps
+ quota
+ sbsigntool
+ tzdata
+ xxd
+
+InitrdPackages=
+ btrfs-progs
+ tpm2-tools
+
+BuildPackages=
+ dpkg-dev
diff --git a/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare
new file mode 100755
index 0000000000..32c60feb7e
--- /dev/null
+++ b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare
@@ -0,0 +1,15 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [ "$1" = "final" ]; then
+ exit 0
+fi
+
+if [ ! -d "pkg/$DISTRIBUTION/debian" ]; then
+ echo "deb rules not found at pkg/$DISTRIBUTION/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
+ exit 1
+fi
+
+cd "pkg/$DISTRIBUTION"
+DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep .
diff --git a/mkosi.images/base/mkosi.conf.d/10-debian.conf b/mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf
index 020b02b61c..c6b6155dda 100644
--- a/mkosi.images/base/mkosi.conf.d/10-debian.conf
+++ b/mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf
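Review bot: `PKG_BRANCH="debian/master"` under `Environment=` in 10-debian-ubuntu/mkosi.conf names a moving branch and no commit is recorded, so the packaging rules the build later runs from `pkg/$DISTRIBUTION` are whatever the remote holds at sync time. The same holds for `PKG_BRANCH="rawhide"` in 10-fedora/mkosi.conf and `PKG_BRANCH="master"` in 10-opensuse/mkosi.conf, and mkosi.sync consumes these values with `git clone --branch` and `git pull`. Following the branch head may be deliberate, to notice packaging breakage early, but a given image then cannot be tied back to the packaging revision that produced it. I would print the resolved revision after the sync with `git -C "pkg/$DISTRIBUTION" rev-parse HEAD` and add a comment here such as `# Follows the branch head on purpose; scripts from this repository run during the build.`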
@@ -2,10 +2,3 @@ [Match] Distribution=debian - -[Content] -Packages= - libbpf1 - -BuildPackages= - bpftool diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-amd64.conf b/mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf.d/amd64.conf index d3c89f3a8c..615de52499 100644 --- a/mkosi.images/system/mkosi.conf.d/10-debian-amd64.conf +++ b/mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf.d/amd64.conf @@ -1,10 +1,8 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [Match] -Distribution=debian Architecture=x86-64 [Content] Packages= - bpftool linux-image-cloud-amd64 diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-arm64.conf b/mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf index 76a6898111..af923fa442 100644 --- a/mkosi.images/system/mkosi.conf.d/10-debian-arm64.conf +++ b/mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf @@ -1,10 +1,8 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [Match] -Distribution=debian Architecture=arm64 [Content] Packages= - bpftool linux-image-cloud-arm64 diff --git a/mkosi.images/base/mkosi.conf.d/10-fedora.conf b/mkosi.images/base/mkosi.conf.d/10-fedora.conf deleted file mode 100644 index a8fbce47fb..0000000000 --- a/mkosi.images/base/mkosi.conf.d/10-fedora.conf +++ /dev/null @@ -1,9 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=fedora - -[Content] -BuildPackages= - python3dist(pytest-flakes) - pkgconfig(xencontrol) diff --git a/mkosi.images/system/mkosi.conf.d/10-fedora.conf b/mkosi.images/base/mkosi.conf.d/10-fedora/mkosi.conf index 7554ad2dc3..cea31ed697 100644 --- a/mkosi.images/system/mkosi.conf.d/10-fedora.conf +++ b/mkosi.images/base/mkosi.conf.d/10-fedora/mkosi.conf @@ -4,9 +4,16 @@ Distribution=fedora [Content] +Environment= + PKG_URL="https://src.fedoraproject.org/rpms/systemd" + PKG_BRANCH="rawhide" + Packages= btrfs-progs compsize f2fs-tools glibc-langpack-en sbsigntools + +InitrdPackages= + btrfs-progs 
diff --git a/mkosi.images/base/mkosi.conf.d/10-opensuse.conf b/mkosi.images/base/mkosi.conf.d/10-opensuse.conf deleted file mode 100644 index 941a50a6d1..0000000000 --- a/mkosi.images/base/mkosi.conf.d/10-opensuse.conf +++ /dev/null @@ -1,95 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=opensuse - -[Content] -# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox -# versions don't get installed instead. -Packages= - device-mapper - distribution-release - docbook-xsl-stylesheets - gawk - grep - gzip - libbpf1 - libarchive13 - libcrypt1 - libcryptsetup12 - libdw1 - libelf1 - libfido2 - libgcrypt20 - libglib-2_0-0 - libkmod2 - libmount1 - libnftnl11 - libopenssl3 - libp11-kit0 - libqrencode4 - libseccomp2 - libtss2-esys0 - libtss2-mu0 - libtss2-rc0 - libtss2-tcti-device0 - libxkbcommon0 - libzstd1 - pam - rsync - sed - shadow - tpm2-0-tss - xz - -BuildPackages= - audit-devel - bpftool - cross-bpf-gcc13 - dbus-1-devel - fdupes - gcc-c++ - glib2-devel - glibc-locale - intltool - libacl-devel - libapparmor-devel - libarchive-devel - libblkid-devel - libbpf-devel - libbz2-devel - libcap-devel - libcryptsetup-devel - libcurl-devel - libdw-devel - libelf-devel - libfdisk-devel - libfido2-devel - libgcrypt-devel - libgnutls-devel - libkmod-devel - liblz4-devel - libmicrohttpd-devel - libmount-devel - libnftnl-devel - libpwquality-devel - libseccomp-devel - libselinux-devel - libxkbcommon-devel - libxslt-tools - libzstd-devel - openssl-devel - pam-devel - pciutils-devel - python3 - python3-Jinja2 - python3-lxml - python3-pefile - python3-pyelftools - python3-pytest - python3-pytest-flakes - qrencode-devel - shadow - timezone - tpm2-0-tss-devel - xen-devel diff --git a/mkosi.images/initrd/mkosi.postinst b/mkosi.images/base/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst index de610dfeb6..6a60ce83e5 100755 --- a/mkosi.images/initrd/mkosi.postinst 
+++ b/mkosi.images/base/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst @@ -5,3 +5,5 @@ set -e # OpenSUSE insists on blacklisting erofs by default because its supposedly a legacy filesystem. # See https://github.com/openSUSE/suse-module-tools/pull/71 rm -f "$BUILDROOT/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf" + +mkosi-install systemd udev diff --git a/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.build.chroot b/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.build.chroot new file mode 100755 index 0000000000..e1abe0b135 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.build.chroot 
@@ -0,0 +1,63 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -ex + +if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then + echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +# The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we +# disable manpage compression as the files cannot be found. Fix the issue by removing the compression +# extension. +find "pkg/$DISTRIBUTION" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \; + +build() { + # TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once + # https://github.com/mesonbuild/meson/pull/12835 is available. + # shellcheck disable=SC2046 + rpmbuild \ + -bb \ + --build-in-place \ + --with upstream \ + $( ((WITH_TESTS)) || echo --nocheck) \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$DISTRIBUTION" \ + --define "_rpmdir $PACKAGEDIR" \ + ${BUILDDIR:+--define} \ + ${BUILDDIR:+"_vpath_builddir $BUILDDIR"} \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + --define "_binary_payload w.ufdio" \ + --define "debug_package %{nil}" \ + --define "vendor openSUSE" \ + --define "version_override $(cat meson.version)" \ + --define "release_override $(date "+%Y%m%d%H%M%S" --date "@$TS")" \ + --define "__check_files sh -c '$(rpm --eval %__check_files) | tee /tmp/unpackaged-files'" \ + --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} %{nil}}" \ + --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \ + --define "meson_extra_configure_options -D mode=developer -D b_sanitize=${SANITIZERS:-none}" \ + --define "__os_install_post 
/usr/lib/rpm/brp-suse %{nil}" \ + --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ + --define "__script_requires %{nil}" \ + "$@" \ + "pkg/$DISTRIBUTION/systemd.spec" +} + +if ! build; then + if [ ! -s /tmp/unpackaged-files ]; then + exit 1 + fi + + # rpm will append to any existing systemd.lang so delete it explicitly so we don't get duplicate file + # warnings. + rm systemd.lang + + cat /tmp/unpackaged-files >>"pkg/$DISTRIBUTION/files.systemd" + build --noprep --nocheck +fi diff --git a/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.conf new file mode 100644 index 0000000000..4ef13b6ca5 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.conf @@ -0,0 +1,55 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=opensuse + +[Config] +InitrdInclude=initrd/ + +[Content] +Environment= + PKG_URL="https://code.opensuse.org/package/systemd" + PKG_BRANCH="master" + SYSTEMD_PACKAGES="systemd + udev + systemd-experimental + systemd-boot + systemd-container + systemd-homed + systemd-network + systemd-portable + systemd-sysvcompat + systemd-testsuite" + +# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox +# versions don't get installed instead. +Packages= + bpftool + btrfs-progs + cryptsetup + dbus-broker + device-mapper + distribution-release + docbook-xsl-stylesheets + f2fs-tools + gawk + glibc-locale-base + grep + gzip + kernel-kvmsmall + openssh-clients + openssh-server + pam + quota + rpm-build + rsync + sbsigntools + sed + shadow + timezone + vim + xz + +InitrdPackages= + btrfs-progs + tpm2.0-tools diff --git a/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.prepare b/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.prepare new file mode 100755 index 0000000000..dd01a3f20e --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.prepare 
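Review bot: The retry branch after `if ! build; then` in 10-opensuse/mkosi.build.chroot trusts `/tmp/unpackaged-files` without clearing it first, so a file left over from an earlier run would be appended to `files.systemd` even when this build failed before `__check_files` ran. Whether /tmp persists between runs is not visible here, so `rm -f /tmp/unpackaged-files` before the first `build` is the safe choice. In the same branch, `rm systemd.lang` under `set -ex` aborts the script if that file was never created; `rm -f systemd.lang` keeps the retry going. A comment above the retry should also state that unpackaged files are folded into the systemd package on purpose, because this turns a filelist mismatch that failed the first build into a silent success.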
@@ -0,0 +1,61 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then + echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +if [ "$1" = "final" ]; then + DEPS="--requires" +else + DEPS="--buildrequires" +fi + +mkosi-chroot \ + rpmspec \ + --with upstream \ + --query \ + "$DEPS" \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$DISTRIBUTION" \ + "pkg/$DISTRIBUTION/systemd.spec" | + grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev | + sort --unique | + tee /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install + +if [ "$1" = "final" ]; then + exit 0 +fi + +until mkosi-chroot \ + rpmbuild \ + -bd \ + --build-in-place \ + --with upstream \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$DISTRIBUTION" \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + "pkg/$DISTRIBUTION/systemd.spec" +do + EXIT_STATUS=$? + if [ $EXIT_STATUS -ne 11 ]; then + exit $EXIT_STATUS + fi + + mkosi-chroot \ + rpm \ + --query \ + --package \ + --requires \ + /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm | + grep --invert-match '^rpmlib(' | + sort --unique >/tmp/dynamic-buildrequires + + sort /tmp/buildrequires /tmp/dynamic-buildrequires | + uniq --unique | + tee --append /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install +done diff --git a/mkosi.images/base/mkosi.conf.d/10-ubuntu.conf b/mkosi.images/base/mkosi.conf.d/10-ubuntu/mkosi.conf index 717809fd03..85126a1a37 100644 --- a/mkosi.images/base/mkosi.conf.d/10-ubuntu.conf +++ b/mkosi.images/base/mkosi.conf.d/10-ubuntu/mkosi.conf @@ -5,8 +5,7 @@ Distribution=ubuntu [Content] Packages= - libbpf0 - -BuildPackages= + # We would like to use linux-virtual but it does not have support for SMBIOS credentials. + linux-image-generic linux-tools-common linux-tools-generic 
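Review bot: With `set -e` but no `pipefail` in 10-opensuse/mkosi.prepare, the first pipeline's status is that of `xargs --delimiter '\n' mkosi-install`, so a failing `mkosi-chroot rpmspec --query` yields an empty list and the script carries on instead of stopping. `set -eo pipefail` at the top would surface that, with the caveat that `grep --invert-match` exits non-zero when it selects nothing and would then stop the script as well. Both `xargs` calls also run `mkosi-install` once with no arguments when their input is empty, which `--no-run-if-empty` avoids. The `--regexp systemd` and `--regexp udev` patterns match substrings, so any dependency whose name merely contains either word is dropped too; if that is intended, a one-line comment saying so would help.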
diff --git a/mkosi.images/system/mkosi.extra/etc/issue b/mkosi.images/base/mkosi.extra/etc/issue index 6aa6fc0ec0..6aa6fc0ec0 100644 --- a/mkosi.images/system/mkosi.extra/etc/issue +++ b/mkosi.images/base/mkosi.extra/etc/issue diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/50-persistent.conf b/mkosi.images/base/mkosi.extra/usr/lib/systemd/journald.conf.d/50-persistent.conf index 2f953290d3..2f953290d3 100644 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/50-persistent.conf +++ b/mkosi.images/base/mkosi.extra/usr/lib/systemd/journald.conf.d/50-persistent.conf diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh b/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh index e0fcf30498..e0fcf30498 100755 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh +++ b/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service b/mkosi.images/base/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service index 7942cbfa77..7942cbfa77 100644 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service +++ b/mkosi.images/base/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service diff --git a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.images/base/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf index dac79ba4ed..dac79ba4ed 100644 --- a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf +++ b/mkosi.images/base/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf diff --git a/mkosi.images/system/mkosi.extra/usr/share/factory/mkosi/gdbinit.d/systemd.gdb b/mkosi.images/base/mkosi.extra/usr/share/factory/mkosi/gdbinit.d/systemd.gdb index 26f882bc2b..26f882bc2b 100644 --- a/mkosi.images/system/mkosi.extra/usr/share/factory/mkosi/gdbinit.d/systemd.gdb 
+++ b/mkosi.images/base/mkosi.extra/usr/share/factory/mkosi/gdbinit.d/systemd.gdb diff --git a/mkosi.images/system/mkosi.finalize b/mkosi.images/base/mkosi.finalize index 74b810c152..74b810c152 100755 --- a/mkosi.images/system/mkosi.finalize +++ b/mkosi.images/base/mkosi.finalize diff --git a/mkosi.images/base/mkosi.postinst b/mkosi.images/base/mkosi.postinst new file mode 100755 index 0000000000..caaf253ef6 --- /dev/null +++ b/mkosi.images/base/mkosi.postinst @@ -0,0 +1,6 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +# shellcheck disable=SC2086 +mkosi-install $SYSTEMD_PACKAGES diff --git a/mkosi.images/system/mkosi.postinst.chroot b/mkosi.images/base/mkosi.postinst.chroot index 330fa3b73e..26459b165d 100755 --- a/mkosi.images/system/mkosi.postinst.chroot +++ b/mkosi.images/base/mkosi.postinst.chroot @@ -2,10 +2,6 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if [ "$1" = "build" ]; then - exit 0 -fi - if [ -n "$SANITIZERS" ]; then LD_PRELOAD=$(ldd /usr/lib/systemd/systemd | grep libasan.so | awk '{print $3}') @@ -48,22 +44,6 @@ EOF systemctl mask systemd-hwdb-update.service fi -if [ -n "$IMAGE_ID" ] ; then - sed -n \ - -i \ - -e '/^IMAGE_ID=/!p' \ - -e "\$aIMAGE_ID=$IMAGE_ID" \ - /usr/lib/os-release -fi - -if [ -n "$IMAGE_VERSION" ] ; then - sed -n \ - -i \ - -e '/^IMAGE_VERSION=/!p' \ - -e "\$aIMAGE_VERSION=$IMAGE_VERSION" \ - /usr/lib/os-release -fi - if command -v authselect >/dev/null; then # authselect 1.5.0 renamed the minimal profile to the local profile without keeping backwards compat so # let's use the new name if it exists. @@ -87,11 +67,6 @@ rm -f /etc/resolv.conf . /usr/lib/os-release -if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then - alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 1 - alternatives --set python3 /usr/bin/python3.9 -fi - mkdir -p /usr/lib/sysusers.d cat >/usr/lib/sysusers.d/testuser.conf <<EOF u testuser 4711 "Test User" /home/testuser 
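Review bot: `mkosi-install $SYSTEMD_PACKAGES` in the new mkosi.images/base/mkosi.postinst expands to a bare `mkosi-install` when the variable is unset or empty, and the Fedora configuration lines shown in this commit set only `PKG_URL` and `PKG_BRANCH`, so the value may come from elsewhere or be missing. A guard such as `: "${SYSTEMD_PACKAGES:?SYSTEMD_PACKAGES is not set}"` before the call makes that case fail with a clear message. A short comment that the unquoted expansion is intentional, because the value is a newline-separated package list, would explain the shellcheck override.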
diff --git a/mkosi.images/base/mkosi.sync b/mkosi.images/base/mkosi.sync
new file mode 100755
index 0000000000..b93339afe1
--- /dev/null
+++ b/mkosi.images/base/mkosi.sync
@@ -0,0 +1,13 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if ((CACHED)); then
+ exit 0
+fi
+
+if [ -z "$(ls --almost-all "pkg/$DISTRIBTION")" ]; then
+ git clone "$PKG_URL" --branch "$PKG_BRANCH" "pkg/$DISTRIBUTION"
+elif [ -d "pkg/$DISTRIBUTION/.git" ] && [ "$(git -C "pkg/$DISTRIBUTION" rev-parse --abbrev-ref HEAD)" = "$PKG_BRANCH" ]; then
+ git -C "pkg/$DISTRIBUTION" pull
+fi
diff --git a/mkosi.images/initrd/mkosi.conf b/mkosi.images/initrd/mkosi.conf
deleted file mode 100644
index 36684c7f16..0000000000
--- a/mkosi.images/initrd/mkosi.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Config]
-Dependencies=base
-
-[Output]
-Format=cpio
-
-[Content]
-BaseTrees=%O/base
-ExtraTrees=%O/base-systemd
-MakeInitrd=yes
-Bootable=no
-BuildPackages=
-
-Packages=
-Packages=
- gzip
- systemd
- udev
-
-# Arch Linux doesn't split their gcc-libs package so we manually remove unneeded stuff here to make sure it
-# doesn't end up in the initrd.
-RemoveFiles=
- /usr/lib/libgfortran.so*
- /usr/lib/libgo.so*
- /usr/lib/libgomp.so*
- /usr/lib/libgphobos.so*
- /usr/lib/libobjc.so*
- /usr/lib/libstdc++.so*
diff --git a/mkosi.images/initrd/mkosi.conf.d/10-centos.conf b/mkosi.images/initrd/mkosi.conf.d/10-centos.conf
deleted file mode 100644
index 3f92e52300..0000000000
--- a/mkosi.images/initrd/mkosi.conf.d/10-centos.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=centos
-
-[Output]
-# TODO: Switch to zstd once we stop building CentOS Stream 8.
-CompressOutput=xz
-
-[Content]
-Packages=xfsprogs
- tpm2-tools
diff --git a/mkosi.images/initrd/mkosi.conf.d/10-default.conf b/mkosi.images/initrd/mkosi.conf.d/10-default.conf
deleted file mode 100644
index 9224b92dd0..0000000000
--- a/mkosi.images/initrd/mkosi.conf.d/10-default.conf +++ /dev/null @@ -1,12 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=!centos -Distribution=!opensuse - -[Output] -CompressOutput=zst - -[Content] -Packages=btrfs-progs - tpm2-tools diff --git a/mkosi.images/initrd/mkosi.conf.d/10-opensuse.conf b/mkosi.images/initrd/mkosi.conf.d/10-opensuse.conf deleted file mode 100644 index 5cf2df397e..0000000000 --- a/mkosi.images/initrd/mkosi.conf.d/10-opensuse.conf +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=opensuse - -[Output] -CompressOutput=zst - -[Content] -Packages=btrfs-progs - tpm2.0-tools diff --git a/mkosi.images/system/mkosi.conf b/mkosi.images/system/mkosi.conf index 5bcf6967c7..9937ad3a98 100644 --- a/mkosi.images/system/mkosi.conf +++ b/mkosi.images/system/mkosi.conf @@ -3,49 +3,15 @@ [Config] Dependencies=base +[Distribution] +CacheOnly=metadata + [Output] @Format=directory [Content] -Autologin=yes BaseTrees=%O/base -ExtraTrees=%O/base-systemd -Packages= - acl - bash-completion - coreutils - diffutils - dnsmasq - dosfstools - e2fsprogs - findutils - gcc # Sanitizer libraries - gdb - grep - gzip - kbd - kexec-tools - less - mtools - nano - nftables - openssl - qrencode - sed - socat - strace - systemd - tmux - tar - tree - udev - util-linux - valgrind - wireguard-tools - xfsprogs - zsh - -BuildPackages= +Initrds=%O/base.initrd [Validation] @SecureBoot=yes diff --git a/mkosi.images/system/mkosi.conf.d/05-initrd.conf b/mkosi.images/system/mkosi.conf.d/05-initrd.conf deleted file mode 100644 index 23685871c6..0000000000 --- a/mkosi.images/system/mkosi.conf.d/05-initrd.conf +++ /dev/null @@ -1,12 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Bootable=!no -Format=|disk -Format=|directory - -[Config] -Dependencies=initrd - -[Content] -Initrds=%O/initrd 
diff --git a/mkosi.images/system/mkosi.conf.d/10-arch.conf b/mkosi.images/system/mkosi.conf.d/10-arch.conf deleted file mode 100644 index a3d008d10f..0000000000 --- a/mkosi.images/system/mkosi.conf.d/10-arch.conf +++ /dev/null @@ -1,28 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=arch - -[Content] -Packages= - bpf - btrfs-progs - compsize - dhcp - f2fs-tools - glib2 - iproute - linux - man-db - openbsd-netcat - openssh - pacman - polkit - python-pefile - python-psutil - python-pytest - python3 - quota-tools - sbsigntools - shadow - vim diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf deleted file mode 100644 index 871186d5ca..0000000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf +++ /dev/null @@ -1,33 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|centos -Distribution=|fedora - -[Content] -Packages= - bpftool - cryptsetup - dhcp-server - dnf - glib2 - integritysetup - iproute - iproute-tc - kernel-core - libcap-ng-utils - netcat - openssh-server - openssh-clients - p11-kit - pam - passwd - polkit - procps-ng - python3 - python3dist(pefile) - python3dist(pluggy) # python3-pluggy is a pytest dependency that's not installed for some reason. - python3dist(psutil) - python3dist(pytest) - quota - vim-common diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf index 146e03a895..af4862d4b1 100644 --- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf +++ b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf @@ -2,7 +2,3 @@ [Match] Distribution=centos - -[Content] -Packages= - kernel-modules # For squashfs support 
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf deleted file mode 100644 index 393d5f038c..0000000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf +++ /dev/null @@ -1,5 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# CentOS does not support erofs so we use squashfs instead. -[Partition] -Format=squashfs diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf deleted file mode 100644 index d6e3f20222..0000000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf +++ /dev/null @@ -1,31 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|debian -Distribution=|ubuntu - -[Content] -Packages= - apt - btrfs-progs - cryptsetup-bin - dbus-broker - default-dbus-session-bus - f2fs-tools - fdisk - iproute2 - isc-dhcp-server - libcap-ng-utils - netcat-openbsd - openssh-server - openssh-client - sbsigntool - passwd - policykit-1 - procps - python3 - python3-pefile - python3-psutil - python3-pytest - quota - xxd diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse.conf deleted file mode 100644 index ffcb664224..0000000000 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse.conf +++ /dev/null @@ -1,25 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=opensuse - -[Content] -Packages= - bpftool - btrfs-progs - cryptsetup - dbus-broker - f2fs-tools - glibc-locale-base - kernel-kvmsmall - libcap-ng-utils - openssh-server - openssh-clients - python3 - python3-pefile - python3-psutil - python3-pytest - quota - sbsigntools - shadow - vim diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu.conf deleted file mode 100644 index b099e79132..0000000000 
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu.conf +++ /dev/null @@ -1,14 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=ubuntu - -[Content] -Packages= - # We would like to use linux-image-kvm but it does not have support for SMBIOS credentials. - linux-image-generic - linux-tools-common - linux-tools-generic -# "orphan_file" is enabled by default in recent versions of mkfs.ext4 but not supported by the Jammy kernel -# so we explicitly disable it. -Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file" diff --git a/mkosi.images/system/mkosi.repart/00-esp.conf b/mkosi.images/system/mkosi.repart/00-esp.conf index 4be04661d9..391543d1e7 100644 --- a/mkosi.images/system/mkosi.repart/00-esp.conf +++ b/mkosi.images/system/mkosi.repart/00-esp.conf @@ -5,5 +5,5 @@ Type=esp Format=vfat CopyFiles=/boot:/ CopyFiles=/efi:/ -SizeMinBytes=512M -SizeMaxBytes=512M +SizeMinBytes=1G +SizeMaxBytes=1G |